US-8090816

System and method for real-time triggered event upload

Published: January 3, 2012
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

A method, system, and computer program product reports malware events in real-time and does not cause network congestion that adversely affects the usability of the network. A method of reporting malware events comprises the steps of detecting a malware event, determining a level of the detected malware event, comparing the level of the detected malware event to an event trigger threshold, and transmitting a notification of the detected malware event, based on the comparison of the level of the detected malware event to the event trigger threshold.

Patent Claims
39 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method of reporting malware events comprising the steps of: detecting a plurality of malware events each with one of a plurality of levels using a malware scanner, the plurality of malware events comprising completion of a malware scan, a process failure relating to malware scanning, a missing log file, detection of malware, and failure of a response to malware; determining a level of a detected malware event; comparing the level of the detected malware event to an event trigger threshold with one of a plurality of levels; and transmitting a notification of the detected malware event over a network, based on the comparison of the level of the detected malware event to the event trigger threshold; wherein the level of the detected malware event comprises one of: informational malware events requiring no operator intervention; warning malware events that indicate a process failure; minor malware events that require attention, but are not events that could lead to loss of data; major malware events that need operator attention; critical malware events that need immediate operator attention and could lead to loss of data if not corrected; wherein the level of the event trigger threshold comprises one of: informational malware events requiring no operator intervention; warning malware events that indicate a process failure; minor malware events that require attention, but are not events that could lead to loss of data; major malware events that need operator attention; critical malware events that need immediate operator attention and could lead to loss of data if not corrected; wherein the transmitting step comprises the steps of: transmitting the notification of the detected malware event in real-time, if the level of the detected malware event is greater than or equal to the event trigger threshold; and transmitting the notification of the detected malware event eventually, if the level of the detected malware event is less than the event trigger threshold; wherein the event trigger threshold is configurable to control an amount of the notifications that are received in real-time so as to prevent network congestion that adversely affects the usability of the network.

2. The method of claim 1, wherein the method further comprises the step of: transmitting an alert to an administrator indicating occurrence of the detected malware event in real-time, if the level of the detected malware event is greater than or equal to the event trigger threshold.

3. The method of claim 1, wherein the event trigger threshold is set at a management server in a malware management program.

4. The method of claim 3, wherein the event trigger threshold is set by setting policies in the malware management program.

5. The method of claim 1, wherein the event trigger threshold is distributed to a plurality of malware agents residing in a plurality of user systems.

6. The method of claim 1, wherein if the level of the detected malware event is less than the event trigger threshold, the notification of the event is not transmitted until an eventual periodic event transmission.

7. The method of claim 1, wherein if the level of the detected malware event is less than the event trigger threshold, the notification of the event is not transmitted until a request by a management server is received.

8. The method of claim 1, wherein the level of the event trigger threshold is selected from a ranked set of levels including, from a least critical to a most critical with progressively greater levels, as follows: (1) the informational malware events requiring no operator intervention; (2) the warning malware events that indicate a process failure; (3) the minor malware events that require attention, but are not events that could lead to loss of data; (4) the major malware events that need operator attention; and (5) the critical malware events that need immediate operator attention and could lead to loss of data if not corrected.

9. The method of claim 8, wherein the completion of the malware scan corresponds to one of the informational malware events requiring no operator intervention.

10. The method of claim 8, wherein the process failure relating to the malware scanning corresponds to one of the warning malware events that indicate a process failure.

11. The method of claim 8, wherein the missing log file corresponds to one of the minor malware events that require attention, but are not events that could lead to loss of data.

12. The method of claim 8, wherein the detection of the malware corresponds to one of the major malware events that need operator attention.

13. The method of claim 8, wherein the failure of the response to the malware corresponds to one of the critical malware events that need immediate operator attention and could lead to loss of data if not corrected.

14. A system for reporting malware events comprising: a processor operable to execute computer program instructions; a memory operable to store computer program instructions executable by the processor; and computer program instructions stored in the memory and executable to perform the steps of: detecting a plurality of malware events each with one of a plurality of levels using a malware scanner, the plurality of malware events comprising completion of a malware scan, a process failure relating to malware scanning, a missing log file, detection of malware, and failure of a response to malware; determining a level of a detected malware event; comparing the level of the detected malware event to an event trigger threshold with one of a plurality of levels; and transmitting a notification of the detected malware event over a network, based on the comparison of the level of the detected malware event to the event trigger threshold; wherein the level of the detected malware event comprises one of: informational malware events requiring no operator intervention; warning malware events that indicate a process failure; minor malware events that require attention, but are not events that could lead to loss of data; major malware events that need operator attention; critical malware events that need immediate operator attention and could lead to loss of data if not corrected; wherein the level of the event trigger threshold comprises one of: informational malware events requiring no operator intervention; warning malware events that indicate a process failure; minor malware events that require attention, but are not events that could lead to loss of data; major malware events that need operator attention; critical malware events that need immediate operator attention and could lead to loss of data if not corrected; wherein the transmitting step comprises the steps of: transmitting the notification of the detected malware event in real-time, if the level of the detected malware event is greater than or equal to the event trigger threshold; and transmitting the notification of the detected malware event eventually, if the level of the detected malware event is less than the event trigger threshold; wherein the event trigger threshold is configurable to control an amount of the notifications that are received in real-time so as to prevent network congestion that adversely affects the usability of the network.

15. The system of claim 14, further comprising the step of: transmitting an alert to an administrator indicating occurrence of the detected malware event in real-time, if the level of the detected malware event is greater than or equal to the event trigger threshold.

16. The system of claim 14, wherein the event trigger threshold is set at a management server in a malware management program.

17. The system of claim 16, wherein the event trigger threshold is set by setting policies in the malware management program.

18. The system of claim 14, wherein the event trigger threshold is distributed to a plurality of malware agents residing in a plurality of user systems.

19. The system of claim 14, wherein if the level of the detected malware event is less than the event trigger threshold, the notification of the event is not transmitted until an eventual periodic event transmission.

20. The system of claim 14, wherein if the level of the detected malware event is less than the event trigger threshold, the notification of the event is not transmitted until a request by a management server is received.

21. The system of claim 14, wherein the level of the event trigger threshold is selected from a ranked set of levels including, from a least critical to a most critical with progressively greater levels, as follows: (1) the informational malware events requiring no operator intervention; (2) the warning malware events that indicate a process failure; (3) the minor malware events that require attention, but are not events that could lead to loss of data; (4) the major malware events that need operator attention; and (5) the critical malware events that need immediate operator attention and could lead to loss of data if not corrected.

22. The system of claim 21, wherein the completion of the malware scan corresponds to one of the informational malware events requiring no operator intervention.

23. The system of claim 21, wherein the process failure relating to the malware scanning corresponds to one of the warning malware events that indicate a process failure.

24. The system of claim 21, wherein the missing log file corresponds to one of the minor malware events that require attention, but are not events that could lead to loss of data.

25. The system of claim 21, wherein the detection of the malware corresponds to one of the major malware events that need operator attention.

26. The system of claim 21, wherein the failure of the response to the malware corresponds to one of the critical malware events that need immediate operator attention and could lead to loss of data if not corrected.

27. A computer program product for reporting malware events, comprising: a computer readable storage medium; computer program instructions, recorded on the computer readable storage medium, executable by a processor, for performing the steps of detecting a plurality of malware events each with one of a plurality of levels using a malware scanner, the plurality of malware events comprising completion of a malware scan, a process failure relating to malware scanning, a missing log file, detection of malware, and failure of a response to malware; determining a level of a detected malware event; comparing the level of the detected malware event to an event trigger threshold with one of a plurality of levels; and transmitting a notification of the detected malware event over a network, based on the comparison of the level of the detected malware event to the event trigger threshold; wherein the level of the detected malware event comprises one of: informational malware events requiring no operator intervention; warning malware events that indicate a process failure; minor malware events that require attention, but are not events that could lead to loss of data; major malware events that need operator attention; critical malware events that need immediate operator attention and could lead to loss of data if not corrected; wherein the level of the event trigger threshold comprises one of: informational malware events requiring no operator intervention; warning malware events that indicate a process failure; minor malware events that require attention, but are not events that could lead to loss of data; major malware events that need operator attention; critical malware events that need immediate operator attention and could lead to loss of data if not corrected; wherein the transmitting step comprises the steps of: transmitting the notification of the detected malware event in real-time, if the level of the detected malware event is greater than or equal to the event trigger threshold; and transmitting the notification of the detected malware event eventually, if the level of the detected malware event is less than the event trigger threshold; wherein the event trigger threshold is configurable to control an amount of the notifications that are received in real-time so as to prevent network congestion that adversely affects the usability of the network.

28. The computer program product of claim 27, further comprising the step of: transmitting an alert to an administrator indicating occurrence of the detected malware event in real-time, if the level of the detected malware event is greater than or equal to the event trigger threshold.

29. The computer program product of claim 27, wherein the event trigger threshold is set at a management server in a malware management program.

30. The computer program product of claim 29, wherein the event trigger threshold is set by setting policies in the malware management program.

31. The computer program product of claim 27, wherein the event trigger threshold is distributed to a plurality of malware agents residing in a plurality of user systems.

32. The computer program product of claim 27, wherein if the level of the detected malware event is less than the event trigger threshold, the notification of the event is not transmitted until an eventual periodic event transmission.

33. The computer program product of claim 27, wherein if the level of the detected malware event is less than the event trigger threshold, the notification of the event is not transmitted until a request by a management server is received.

34. The computer program product of claim 27, wherein the level of the event trigger threshold is selected from a ranked set of levels including, from a least critical to a most critical with progressively greater levels, as follows: (1) the informational malware events requiring no operator intervention; (2) the warning malware events that indicate a process failure; (3) the minor malware events that require attention, but are not events that could lead to loss of data; (4) the major malware events that need operator attention; and (5) the critical malware events that need immediate operator attention and could lead to loss of data if not corrected.

35. The computer program product of claim 34, wherein the completion of the malware scan corresponds to one of the informational malware events requiring no operator intervention.

36. The computer program product of claim 34, wherein the process failure relating to the malware scanning corresponds to one of the warning malware events that indicate a process failure.

37. The computer program product of claim 34, wherein the missing log file corresponds to one of the minor malware events that require attention, but are not events that could lead to loss of data.

38. The computer program product of claim 34, wherein the detection of the malware corresponds to one of the major malware events that need operator attention.

39. The computer program product of claim 34, wherein the failure of the response to the malware corresponds to one of the critical malware events that need immediate operator attention and could lead to loss of data if not corrected.
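
The reporting logic of the method claims (1 to 13, mirrored in the system and program-product claims), as an added Python sketch that is not code from the patent or from Patentable. The `Agent` class, the event-type strings, the `send` transport callback and the handling of unknown event types are assumptions; `simulate` shows how raising the threshold moves events out of real-time messages and into the deferred batch.

```python
from enum import IntEnum

class Level(IntEnum):  # ranked as in claim 8, least to most critical
    INFORMATIONAL = 1
    WARNING = 2
    MINOR = 3
    MAJOR = 4
    CRITICAL = 5

# Levels follow claims 9-13; the event-type strings are assumed names.
EVENT_LEVELS = {
    "scan_completed": Level.INFORMATIONAL,
    "scan_process_failure": Level.WARNING,
    "log_file_missing": Level.MINOR,
    "malware_detected": Level.MAJOR,
    "response_failed": Level.CRITICAL,
}

class Agent:  # hypothetical endpoint agent; send() stands in for the network transport
    def __init__(self, send, threshold=Level.MAJOR):
        self.send, self.deferred = send, []
        self.apply_policy(threshold)

    def apply_policy(self, threshold):  # claims 3-5: set centrally, pushed to agents
        self.threshold = Level(threshold)

    def report(self, event_type):
        # Assumption, not in the claims: an unknown type is treated as CRITICAL.
        level = EVENT_LEVELS.get(event_type, Level.CRITICAL)
        note = {"type": event_type, "level": level.name}
        if level >= self.threshold:
            self.send([note])           # real-time upload
            return "realtime"
        self.deferred.append(note)      # held for the eventual transmission
        return "deferred"

    def flush(self):  # claims 6-7: periodic timer or management-server request
        batch, self.deferred = self.deferred, []
        if batch:
            self.send(batch)
        return len(batch)

# Constructed sample: three routine scans plus one event at each higher level used.
SAMPLE = ["scan_completed"] * 3 + ["log_file_missing", "malware_detected", "response_failed"]

def simulate(threshold, events=SAMPLE):  # -> (real-time messages, deferred batch size)
    sent = []
    agent = Agent(sent.append, threshold)
    for event in events:
        agent.report(event)
    return len(sent), agent.flush()
```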

Patent Metadata

Filing Date: February 7, 2002
Publication Date: January 3, 2012
